We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers use Gmail IM service to steal login details

Webmail users urged to visit TinyURL link

Hackers are sending phishing emails to Gmail users via the Google Talk instant messaging system, Sophos has revealed.

The security firm said Gmail users were receiving unsolicited instant messages that urged them to view a video by clicking a TinyURL link.

However, the hoax link navigates to a website called ViddyHo, where web users are asked to enter their Gmail username and password.

"We're all used to receiving suspicious communications via email, but these attacks arrived via the instant chat system built into Gmail. As a result, more users may fall unwittingly into the trap," said Graham Cluley, senior technology consultant at Sophos.

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Research by Sophos revealed that 41 percent of web users have the same password for every site they visit. It is because of this Sophos is urging any victims of the hoax site to change the passwords on any site that shares the same log-in details as their Gmail account.

"If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers."

TinyURL has now blacklisted the site, so the link will no longer work. However, Sophos warned that there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites.

"The message is simple. You should always be wary of clicking on unsolicited links whether received over email or IM, and be extremely careful whenever a website asks you to enter your username and password for another site," added Cluley.

Gmail suffered a two-hour outage yesterday, which prevented a number of users of Google's webmail service accessing their accounts.

See also: Jack Straw's Hotmail account used to send hoax emails

IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

How Lightroom works: Where are my photos and how do I back up?

IDG UK Sites

Best Mac: Apple Mac buyers guide for 2015: iMac, MacBook, MacBook Air, MacBook Pro, Mac mini and...